Wikipedia:Wikipedia Signpost/2007-05-14/Compromised accounts
Administrator status restored to five accounts after emergency desysopping
Last week the Signpost reported that four administrator accounts which had used weak or insecure passwords were indefinitely blocked and desysopped after they were hijacked by an unknown person who cracked the password.
This week, a fifth administrator account was temporarily hijacked by the same vandal, although it was restored to the user's control a few hours later. All four of the original administrator accounts have been unblocked and resysopped. Mangojuice has proposed a method by which editors may place encrypted identifying information about themselves on their user pages, so they can easily confirm their identity in case of future password attacks (see related story).
On Tuesday, May 8, KnowledgeOfSelf reported (via an alternate account ActWonActToo) that he had been logged out of his account and his password and e-mail address had been changed. Commenters on the Administrators' noticeboard were initially split on whether to accept the claim, but when KnowledgeOfSelf uploaded an obscene image with a deceptive name, the account was immediately blocked and desysopped. Checkuser confirmed that ActwonActToo was KnowledgeOfSelf, and that the account had been hijacked by the same user who was responsible for hijacking four other administrator accounts the day before. KnowledgeOfSelf stated that he had used a strong password  , so the method of hijacking remains unknown. KnowledgeOfSelf was able to identify himself to Brion VIBBER, who reset the account password to enable KnowledgeOfSelf to retake control about 5 hours later. Bureaucrat Raul654 restored his administrator privileges.
AndyZ was blocked and desysopped on Monday, May 7, after his password was compromised and his account used for vandalism. AndyZ was unblocked on Tuesday, after establishing his identity to Mark. His administrator rights were restored on Wednesday.
- Marine 69-71
Marine 69-71 was unblocked and resysopped on Monday, May 7, a few hours after the hijacking.
Finally, the indefinite block on BuickCenturyDriver was lifted three days after the incident, based on an apology and on checkuser evidence that he was responsible for blocking Ryulong from AndyZ's account but was not the culprit behind the attack.